Comments on: Thunder Tables™ Explained

By: Vladimir Katalov

Vladimir Katalov — Wed, 29 Jul 2009 04:59:44 +0000

I'd recommend Advanced Office Password Recovery -- it supports all versions of Microsoft Office, all kinds of passwords. Advanced Office Password Breaker may only help for those Word 2003 files that has open password set, and use old (Office 97/2000 compatible) 40-bit encryption.

By: Charles Parkin

Charles Parkin — Wed, 29 Jul 2009 03:51:00 +0000

I had previously purchased Elcomsoft System Recovery Professional. I now require a program to recover/hack/remove anything and everything from MS Word 2003/2007 documents.

Which product do you recommend?

By: Alen

Alen — Fri, 22 May 2009 18:31:02 +0000

Thanks guys!

BTW, I like your blog! It is informative, interesting and usefull.

By: Andrey Malyshev

Andrey Malyshev — Fri, 22 May 2009 13:59:28 +0000

The number of encryption keys is significantly higher than 5. The whole file is splitted to 512 Kb blocks. You know the typical size of Access database – it will be thousands of keys at least. The next key cannot be derived from the first.

There is the following algorithm:

1. Calculate hash from password and salt
2. Calculate hash from the first hash and block number
3. Use 5 bytes from calculated hash as 40-bit encryption key

SHA-1 hash is not reversable – so we cannot find the next encryption keys.

All we can do is to search for password (most real thing) or search for 160 bit hash from step 1.

By: Alen

Alen — Fri, 22 May 2009 13:01:47 +0000

Aren’ the other 4 encryption keys derived from the first?
So, if you know the database page 0 structure, you could add brute force attack to try to decrypt the database (like AOPB)?
The db could be decrypted in a month, if I’m not all wrong.

I know that AOPR can handle ACCDB files, but it can newer find a password like mY61veriS042@Fe1.

By: Andrey Malyshev

Andrey Malyshev — Fri, 22 May 2009 10:31:42 +0000

Access 2007 ACCDB files are supported in Advanced Office Password Recovery (http://www.elcomsoft.com/aopr.html). That’s true – 40 bit RC4 encryption is used and the algorithm is similar to MS Office XP with CSP encryption.

Unfortunately Thunder Tables are not applicable in this case because we can find only RC4 key that corresponds to the first 512-byte document block. The key is changing for each next document block and we must find the 160-bit hash to find each key value and decrypt the whole document. Therefore effective key length in this encryption algorithm is 160 bit.

By: Andrey Belenko

Andrey Belenko — Fri, 22 May 2009 08:43:52 +0000

Thanks for comment and feature suggestion!

It is surprisingly enough to see Microsoft to leave 40-bit encryption as default in Access 2007 while seriously improving both password security and encryption in other products from Office 2007.
Access files are not nearly so widespread as Word or Excel or PDF documents, so I’m not sure if it is actually worth building Thunder Tables for it. But what is definitely worth doing is implementing brute-force key search attack for such files (and for all files using insecure 40-bit CSP).

By: Alen

Alen — Thu, 21 May 2009 19:18:10 +0000

What about Access 2007 ACCDB files (it uses 40 bit keys for RC4 encryption)?
I know that the file format is quite complex and uncompacted databases are a nightmare, but still, if somebody can do this, then it’s you guys.